+1-202-802-9399 U.S. Headquarters

Thycotic’s CyberSecurity Publication

POPULAR CATEGORIES

The Top 5 PAM Tasks IT Teams Must Automate Part 3: Team Password Sharing

June 22nd, 2017


Security Fence

Automating Team Password Sharing: Sharing access to admin accounts across an organization is a challenge. But with proper automation in place your users know exactly what systems they can access and which accounts they can use to access those systems—a proverbial “one-stop shop” to conduct their work fast and securely.

In this 5-part Thycotic educational series, we focus on five areas of Privileged Account Management where automation can be utilized to not only reduce the amount of work typically associated with certain IT tasks, but also to significantly improve the security posture of your organization:

Part 1: Account Discovery
Part 2: Changing Network Passwords
You’re reading: Part 3: Team Password Sharing
Part 4: SSH Key Management
Part 5: Compliance Reporting

Why automate at all? With data centers constantly expanding across multiple geographic locations, IT teams are increasing the physical and virtual servers they have to manage. Yet the resources that enable them to accomplish required tasks rarely keep pace with their demands. So it’s not surprising that automating repetitive, rote tasks is a key component of success for any IT Operations group. There are areas where automation efforts are often overlooked, especially for managing the accounts IT teams use every day: non-human privileged accounts and service/application accounts.

Why automate Team Password Sharing?

Securely sharing access to administrative accounts with teams across an organization can be a challenge. Companies like Microsoft have made it relatively simple to use tools like Active Directory to manage permissions for end-users and groups. However, this doesn’t work as well for Unix root accounts, Cisco enable passwords, application administrative accounts, and any number of other services. And even with tools in place for Windows-based systems, it can be a difficult for a central IT Operations team or a Help Desk to manage the membership of administrative groups in order to provide the proper access to IT teams wherever they are located.

By automating password sharing IT Operations teams not only provide account access, but also manage the proper authorization to privileged accountsAutomatically providing access to the right people and teams (as well as providing a simple means for those teams to use those non-human, privileged accounts) can be accomplished with the right tools. By leveraging automation, IT Operations teams can not only provide account access, but also manage the proper authorization to these privileged accounts. By delegating the ability to assign permission to use an account to the owner or business unit manager of the account through the use of automated tools, teams can streamline access while assuring that only properly authorized access is granted.

Tools that automate account rights assignments based on each individual user can also establish a virtual paper trail of who provided access, when the access was provided, and to whom the access was given. This provides a critical auditing tool for supplying evidence of rights assignments for compliance audits, as well as encouraging best practices that ensure any admin does not gain access to an account they are not authorized to use. Being able to track privileged account access per user in a comprehensive audit log is a major benefit of privileged account team sharing tools. And, these tools make manually assigning and automatically enforcing privileged account rights possible.

Going beyond Active Directory log on capabilities, privileged password management tools like Thycotic Secret Server enable IT teams to ensure their staff have the most up-to-date password for the systems they need. That way, when shared administrative passwords are changed, each administrator is given access to the latest password through their secure, centralized account portal.

Logging onto admin accounts is also made more secure. Secret Server can enable automated processes around launching connectivity tools (such as SSH or RDP) for administrators so they spend less time trying to remember passwords, copy and paste them out of files, or perform trial and error methods to log in to target systems.

With proper automation in place, admins know exactly what systems they can access, what accounts they can use to access those systems, and gain a proverbial “one-stop shop” to conduct their work securely, without having to chase down additional access or permissions.

Automated Password Sharing feature in Thycotic Secret Server:

Create a new password or 'Secret' in Secret Server
If you’re on the lookout for a new password management system, you can compare passwords managers here, side by side on a handy chart.

Already securing privileged account access for more than 7,500 organizations worldwide, including Fortune 500 enterprises; Thycotic Secret Server is simply your best value for PAM protection.

IT Security should be easy. We’ll show you how.

Try Secret Server and experience how FAST & EASY
IT security products can be.



Leave a Reply

*